
FileVault: Another Hit to Apple’s Security

If you encrypted your files with the legacy version of the FileVault software and have since upgraded to OS X Lion 10.7.3, you could have exposed plain text files containing all of your user logins to any additional user with access to the same system. The vulnerability was discovered by security researcher David Emery, who stated:

“Someone, for some unknown reason, turned on a debug switch (DEBUGLOG) in the current released version of MacOS Lion 10.7.3 that causes the authorizationhost process’s HomeDirMounter DIHLFVMount to log in *PLAIN TEXT* in a system wide logfile readable by anyone with root or admin access the login password of the user of an encrypted home directory tree (“legacy Filevault”).”

It’s important to note that even after resolving the issue, the files could still be present on Apple’s Time Machine backup system, if the user has activated it. Fortunately, the vulnerability has its limitations: it only applies to users running the older “legacy” version of the FileVault software in conjunction with OS X Lion. However, it still raises concerns.
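A defender's sweep for the log entries Emery describes, added here as an example and not taken from the original post or from Apple: it flags lines carrying the DEBUGLOG tag and one of the component names from the quote, in plain or compressed logs under any directory (a log folder or a mounted backup), without echoing the password. The line layout, the function names and the sample entries are assumptions constructed for illustration.

```python
import bz2, gzip, os, tempfile

# Identifiers named in David Emery's description quoted above.
TAG = "DEBUGLOG"
COMPONENTS = ("HomeDirMounter", "DIHLFVMount")
OPENERS = {".gz": gzip.open, ".bz2": bz2.open}  # rotated logs are often compressed

def scan_log(path):
    """Return [(line_no, redacted_prefix)] for lines that look like the debug leak."""
    opener = OPENERS.get(os.path.splitext(path)[1], open)
    hits = []
    with opener(path, "rt", errors="replace") as fh:
        for no, line in enumerate(fh, 1):
            # Assumption: a leaking line carries the tag plus a component name.
            if TAG in line and any(c in line for c in COMPONENTS):
                # Keep only the text before the tag so the password is never echoed.
                hits.append((no, line[:line.index(TAG)].rstrip() + " [REDACTED]"))
    return hits

def scan_tree(root):
    """Walk a log directory or a mounted backup; map each affected file to its hits."""
    report = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            try:
                hits = scan_log(full)
            except (OSError, EOFError):
                continue  # unreadable or corrupt file: skip, do not abort the sweep
            if hits:
                report[os.path.relpath(full, root)] = hits
    return report

def demo():
    """Run the sweep over constructed sample logs (format and values are made up)."""
    leak = "May  5 10:00:01 host authorizationhost[77]: DEBUGLOG | HomeDirMounter | constructed-secret\n"
    clean = "May  5 10:00:02 host sshd[80]: session opened\n"
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "sample.log"), "w") as fh:
            fh.write(clean + leak)
        with bz2.open(os.path.join(root, "sample.log.0.bz2"), "wt") as fh:
            fh.write(leak + clean)
        return scan_tree(root)

if __name__ == "__main__":
    for path, hits in sorted(demo().items()):
        print(path, hits)
```

Any file the sweep reports still holds a password in the clear, so the password should be changed and the affected log or backup copy purged.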

The latest installment of OS X, 10.7.3, was made available to all users back on Feb. 1, so the vulnerability has existed for over three months with zero resolution from Apple. There haven’t been any reports of breaches due to this vulnerability, but it’s another crack in the OS X armor among a lineage of issues that have persisted throughout 2012.

If the beginning of this year is at all an indicator, users are now more aware that Macs are vulnerable and probably always have been (Linux and Windows nerds yell a resounding “told ya so”). Security through obscurity no longer exists for a company that has marched to the top of the tech leadership food chain. It’s possible that the Mac’s security was merely a myth hidden in its now non-existent niche in the market. So now, at the peak of their popularity, Macs draw the attention of more hackers and, as more of them move into the workplace, the attention of cyber espionage and other threats. It’s up to Apple to realize that business-as-usual isn’t protecting their customers. Maybe Apple will now acknowledge what Microsoft has been accustomed to for nearly two decades: that security requires multiple layers and patch updates, which Apple is repeatedly slow to deliver.

If this issue affects you, Topher Kessler has provided a guide to help troubleshoot it, covering disabling or updating FileVault, changing your passwords and more (via CNET).